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DETAILED ACTION 

1 . Claims 1 -48 have been examined. Applicant in the amendment filed on 
December 1, 2004, amended claims 16 and 29, and added new claims 32-48. 

Response to Amendment 

2. The objection to claim 16 is withdrawn as the amendment overcomes the 
objection to claim 16. 

3. The 112, second paragraph rejection to claim 29 is withdrawn as the amendment 
to the claim overcomes the 112, second paragraph rejection. 

Response to Arguments 

4. Applicant's arguments filed December 1 , 2004 have been fully considered but 
they are not persuasive. 

5. On pg. 1 1 , 1 st paragraph of the Remarks, applicant argues the primary reference, 
Phelan, does not anticipate applicant's claimed invention, since Phelan does not teach 
maintaining state between the client and the server: 

... the reference does not disclose how these cookies would be used, but it should be apparent 
that the cookies are not used to maintain state between the client and the servers. Instead, the 
cookie information seems intended merely to aid in the communication of location coordinates to 
the servers, and not for maintaining "state" as that term is generally understood in the art. 
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6. It is noted that the definition of "state" is interpreted based on the specification 
pg. 2, 3 rd paragraph of the instant application, which reads: 

To further expand the functionality of web applications on the Internet, web developers also 
created the concept of a state." In other words, web applications would have the ability to retain a 
record of a user's prior transactions and utilize that record to more effectively serve that user. 

7. Based on this definition of "state", Phelan clearly teaches using cookies to 
maintain "a record of a user's prior transactions and utilize that record to more 
effectively serve that user". See Phelan, col. 8:65-9:3; information stored in cookies is 
used by the server on successive requests to record and display information relevant to 
the user. Further, applicant's argument that Murphy fails to make up for the deficiencies 
of Phelan because they fail to teach maintaining state (pg. 12, 1 st paragraph) is 
rendered moot, since Phelan does teach utilizing the state variable to maintain state 
between the client and the server as indicated above. 

8. Moreover, applicant alleges that Wood fails to make up for the deficiencies of 
Phelan, specifically that the teachings of Wood is fundamentally distinct from the 
teachings of Phelan because Wood does not teach the state variable storing a location 
value (pg. 12, 2 nd paragraph), but applicant does not explain the fundamental difference. 
Both Wood and Phelan teach maintaining state using state variables for clients. 
Further, Phelan teaches storing location values within the state variable; this is not a 
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fundamental distinction: assignment of a value within a state variable is a trivial matter 
in the art. 

9. Finally, regarding applicant's argument that Wood teaches away from the present 
invention, specifically: 

Further, Wood et ai discloses an architecture in which a persistent session credential is created 
for use over multiple accesses to one or more information resources. This teaches directly away 
from the present invention, which in certain embodiments seeks to avoid entirely the security 
issues pertaining to maintaining persistency over multiple sessions by deleting the state variable 
upon completion of a session. See Remarks, pg. 12, 2 nd full paragraph. 

10. It is noted that this limitation is only recited in new claim 43, and hence only 
pertains to current rejections against new claim 43. In response, examiner disagrees 
with applicant's interpretation of Wood. Wood clearly discloses using session 
credentials to maintain state for only a single session. See Wood, col. 2:26-55. The 
issue of multiple accesses is beside the point; by applicant's own arguments, multiple 
access is a necessary feature of a session between a client and a server. See 
Remarks, pg. 11, 1 st full paragraph. Further, applicant's own conclusion of Wood 
contradicts applicant's interpretation of Wood: a persistent session credential that is 
created for use over multiple access to one or more information resources is created for 
a single session by virtue of the fact that only the single session credential was created. 
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1 1 . Hence, for the reasons outlined above and those below, applicants claimed 
invention is covered by the prior art of record. 

Claim Rejections - 35 USC § 102 

12. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

13. Claims 1-3, 10-13, 15-17, 24-27 and 29-31 are rejected under 35 U.S.C. 102(e) 
as being anticipated by Phelan U.S. Patent No. 6,240,360 (hereinafter Phelan). 

14. As per claim 15, Phelan discloses an apparatus for maintaining state between a 
client and a server, comprising: means for generating a state variable including a 
location value and means for utilizing the state variable to maintain state between the 
client and the server. See Phelan, col. 8:65-9:20. The aforementioned cover the 
limitations of claim 15. 

15. As per claim 16, Phelan discloses an apparatus as outlined above in the claim 15 
rejection. In addition, the location value corresponds to the location of the client. See 
Phelan, col. 9:2-3. The aforementioned cover the limitations of claim 16. 
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16. As per claim 17, Phelan discloses an apparatus as outlined above in the claim 16 
rejection. In addition, the location value comprises a latitude and longitude dimension. 
See Phelan, col. 9:9. The aforementioned cover the limitations of claim 17. 

17. As per claims 24-27, Phelan discloses an apparatus as outlined above in the 
claim 1 5 rejection. In addition, the means for utilizing the state variable further 
comprises means for comparing a portion of the state variable derived from a location 
value comprising a latitude and longitude dimension corresponding to the location of the 
client to a database to identify the client. See Phelan, col. 8:65-9:20, especially 8:67. 
The aforementioned cover claims 24-27. 

18. As per claims 1-3 and 10-13, they are method claims corresponding to claims 15- 
17 and 24-27 and they do not teach or define above the information claimed in claims 
15-17 and 24-27. Therefore, claims 1-3 and 10-13 are rejected as being anticipated by 
Phelan for the same reasons set forth in the rejections of claims 15-17 and 24-27. 

1 9. As per claim 29, Phelan discloses a system for facilitating interaction between a 
user and a web application on a remote server, comprising: 

a. a computer comprising a processor and memory (see Phelan, Figure 3, 
Reference No. 10); 

b. a GPS receiver for generating location values corresponding to the user's 
geographic location (see Phelan, col. 7:65-8:4; 9:2-9); 
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c. means operatively associated with the processor for generating a state 
variable derived from the location values (see Phelan, 8:61-66; 9:9); 

d. means operatively associated with the processor for utilizing the state 
variable to maintain state between the user and the web application (see Phelan, 
5:53-59;8:61-9:4). 

The aforementioned cover the limitations of claim 29. 

20. As per claim 30, Phelan discloses a system as outlined above in the claim 29 
rejection. In addition, the computer further comprises the means for generating the 
state variable and the means for utilizing the state variable. See Phelan, col. 8:65-9:20. 
The aforementioned cover the limitations of claim 30. 

21 . As per claim 31 , Phelan discloses a system as outlined above in the claim 30 
rejection. In addition, the computer further comprises the GPS receiver. See Phelan, 
col. 7:65-8:4. The aforementioned cover the limitations of claim 31 . 

Claim Rejections -35 USC §103 

22. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 



Application/Control Number: 09/880,308 Page 8 

Art Unit: 2132 

23. Claims 4, 14, 18 and 28 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Phelan, and further in view of Murphy U.S. Patent No. 5,640,452 
(hereinafter Murphy). 

24. As per claims 18 and 28, Phelan discloses an apparatus as outlined above in the 
claim 17 and 27 rejections under 35 U.S.C. 102(e). Phelan does not disclose the 
location value further comprising an altitude dimension. Murphy discloses a location 
determination module storing a location value that includes altitude as a third 
dimension. See Murphy, col. 7:60-62. It would be obvious to one of ordinary skill in the 
art at the time the invention was made for the location value to include an altitude 
dimension since it enables the location of the client to be pinpointed in 3-dimensional 
space. See Murphy, Figure 1 . The aforementioned cover the limitations of claims 18 
and 28. 

25. As per claims 4 and 14, they are method claims corresponding to claims 18 and 
28 and they do not teach or define above the information claimed in claims 18 and 28. 
Therefore, claims 4 and 14 are rejected as being unpatentable over Phelan in view of 
Murphy for the same reasons set forth in the rejections of claims 18 and 28. 

26. Claims 5-9, 19-23, 32, 33, 35-40, 42-48 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Phelan, and further in view of Wood et al. U.S. Patent No. 
6,668,322 (hereinafter Wood). 
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27. As per claims 19-21 , Phelan discloses an apparatus as outlined above in the 
claim 15 rejection under 35 U.S.C. 102(e). Phelan is silent on the matter of the state 
variable further including a temporal value wherein the temporal value corresponds to 
the creation of the state variable and the invocation of an Internet browser session. 
Wood teaches a system for employing secure credentials wherein a state variable 
includes a temporal value, which corresponds to the creation of the state variable and 
the invocation of an Internet browser session. See Wood, col. 6:64-65; 10:48-54, 62- 
65. It would be obvious to one of ordinary skill in the art at the time the invention was 
made for a temporal value to be incorporated in the state variable since it represents an 
essential component of a session state. See Wood, 10:62-64. The aforementioned 
cover the limitations of claims 19-21 . 

28. As per claims 22 and 23, Phelan covers an apparatus as outlined above in the 
claim 19-21 rejections. In addition, Wood teaches deriving an anonymous state variable 
by mathematically encoding the state variable. See Wood, Figure 4, Reference No. 430 
and related text. It would be obvious to one of ordinary skill in the art at the time the 
invention was made for the apparatus to further comprise means for deriving an 
anonymous state variable by mathematically encoding the state variable to maintain the 
integrity and privacy of the credential information stored in the state variable. See 
Wood, col. 6:61-65. The aforementioned cover the limitations of claims 22 and 23. 
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29. As per claims 5-9, they are method claims corresponding to claims 1 9-23 and 
they do not teach or define above the information claimed in claims 19-23. Therefore, 
claims 5-9 are rejected as being unpatentable over Phelan in view of Wood for the 
same reasons set forth in the rejections of claims 1 9-23. 

30. As per claims 32, 33, 35-37, 40, 42 and 44-46, Phelan discloses a method for 
communicating between a client and a server, comprising generating a unique state 
variable based on at least a location value corresponding to a location of the client and 
communicating the state variable to the server to maintain a record of the user (see 
Phelan, col. 8:10-24 and 8:65-9:9); the location value comprising at least a latitude and 
longitude dimension (9:9); receiving the location value from a GPS receiver collocated 
with the client (7:65-8:4; 9:2-9); and maintaining at least a portion of the state variable 
upon completion of a session (8:65-9:9). 

31 . Phelan does not expressly teach communicating the state variable to the server 
upon commencement of a session between the client and the server and maintaining a 
record of the session using the state variable as an identifier of the client. Wood 
teaches a system for employing secure credentials to maintain a record of a session 
using state variables as an identifier of the client, wherein the state variables are 
communicated to the server upon commencement of a session between the client and 
the server. See Wood, 6:64-65; 9:22-30; 10:1-29, 48-54 and 62-65. Furthermore, 
Wood teaches the generating step comprises generating the state variable to further 
include a temporal value (10:13-17 and 64); wherein the generating step further 
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comprises generating the temporal value to correspond to a time of creation of the state 
variable (10:13-14); wherein the generating step further comprises generating the 
temporal value to correspond to a time of initiation of the session (10:14 and 64); further 
comprising comparing at least a portion of the state variable to a database to identify 
the client (13:1-4; 14:21-27, 34-59); wherein the generating step further comprises 
generating a cookie file containing the state variable (6:64-65); further comprising 
setting a value field of the cookie file to include the state variable (6:64-65). It would be 
obvious to one of ordinary skill in the art at the time the invention was made to 
communicate the state variable to the server upon commencement of a session 
between the client and the server and maintaining a record of the session using the 
state variable as an identifier of the client since state variables uniquely identify the 
session and user of the transaction and hence establishes a more secure session. See 
Wood, 10:62-64. The aforementioned cover the limitations of claims 32, 33, 35-37, 40, 
42 and 44-46. 

32. As per claims 38 and 39, Phelan covers a system as outlined above in the claim 
32 rejection. In addition, Wood teaches deriving an anonymous state variable by 
mathematically encoding the state variable. See Wood, Figure 4, Reference No. 430 
and related text. It would be obvious to one of ordinary skill in the art at the time the 
invention was made for the apparatus to further comprise means for deriving an 
anonymous state variable by mathematically encoding the state variable to maintain the 
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integrity and privacy of the credential information stored in the state variable. See 
Wood, col. 6:61-65. The aforementioned cover the limitations of claims 22 and 23. 

33. As per claims 43 and 48, Phelan discloses a method as outlined in the claim 32 
and 45 rejections. Phelan does not expressly teach setting an age field of the cookie 
file to zero. However, it is notoriously well known and well implemented in the art to set 
a cookie max time value to zero to delete the cookie at the end of the user's session; 
this is a necessary step at the end of a user's session since information stored on 
invalid cookies that are not deleted may be mistakenly used by the server in a separate 
user session. Examiner takes Official Notice of this teaching. It would be obvious to 
one of ordinary skill in the art at the time the invention was made to set an age field of a 
cookie file to zero to delete the cookie when the user session ends, since deleting the 
cookie prevents establishing invalid sessions due to invalid cookies. 

34. As per claim 47, Phelan discloses a method as outlined in the claim 45 rejection. 
Phelan does not expressly teach leaving blank at least one of a domain and a path field 
of the cookie file. However, it is notoriously well known in the art that leaving a blank for 
the domain and a path field defaults access restriction of the cookie to only the 
application that saved the cookie. For example, in JAVA, the function 
Cookie.setDomain(String uri) defaults the domain to the domain name of the host that 
saved the cookie and the function Cookie.setPath(String uri) defaults to the file that set 
the cookie and all files within the directory or under this directory, functions which are 
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found in the object class javax.servlet.http.Cookie. Modification of the domain or the 
path is the exception rather than the rule. Examiner takes Official Notice of this 
teaching. It would be obvious to one of ordinary skill in the art at the time the invention 
was made to leave blank at least one of a domain and a path field of the cookie file, 
since the default value allows access to the cookie by only the host or file that saved 
them as known to one of ordinary skill in the art. 

35. Claims 34 and 41 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Phelan in view of Wood, and further in view of Teare et al. U.S. Patent No. 
5,243,652 (hereinafter Teare). 

36. As per claim 34, Phelan discloses a method as outlined above in the claim 32 
rejection. Phelan does not disclose the location value further comprising an altitude 
dimension. Teare discloses a location determination value including altitude to 
determine if a user is accessing a service within an authorized location. See Teare, 
Figure 2 and related text. It would be obvious to one of ordinary skill in the art at the 
time the invention was made for the location value to include an altitude dimension, 
since it enables a more precise identification of the location of the client. See Teare, 
ibid. The aforementioned cover the limitations of claim 34. 

37. As per claim 41 , Phelan discloses a method as outlined above in the claim 40 
rejection. Phelan does not expressly disclose a portion of the state variable derived 
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from the location value identifies the client. Teare discloses maintaining state 
information identifying the location of the client to restrict client access within a certain 
location. See Teare, col. 1 :47-57. It would be obvious to one of ordinary skill in the art 
at the time the invention was made for a portion of the state variable derived from the 
location value identifies the client, since restricted use for a service within a location 
ensures that the service provided to specific user is authorized. See Teare, 1 :15-29 
and 32-37. The aforementioned cover the limitations of claim 41 . 

38. Claims 43, 47 and 48 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Phelan in view of Wood, and further in view of admitted prior art in applicant's 
Specification (hereinafter admission). 

39. As per claims 43 and 48, Phelan discloses a method as outlined in the claim 32 
and 45 rejections. Phelan does not expressly teach setting an age field of the cookie 
file to zero. Admission teaches "the maximum age field is typically set to zero to 
indicate that the state variable cookie does not persist beyond a single browser session" 
(Specification, pg. 12, lines 9-20, especially lines 17-18). This is a necessary step at 
the end of a user's session since information stored on invalid cookies that are not 
deleted may be mistakenly used by the server in a separate user session. It would be 
obvious to one of ordinary skill in the art at the time the invention was made to set an 
age field of a cookie file to zero to delete the cookie when the user session ends, since 
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the cookie is no longer needed. See admission, ibid, 
limitations of claim 43 and 48. 

40. As per claim 47, Phelan discloses a method as outlined in the claim 45 
rejections. Phelan does not expressly teach leaving blank at least one of a domain and 
a path field of the cookie file. Admission teaches "the domain and path field generally 
remain empty because the state variable cookie is always valid" (Specification, pg. 12, 
lines 9-20, especially lines 15-16). Modification of the domain or the pathname is the 
exception rather than the rule. It would be obvious to one of ordinary skill in the art at 
the time the invention was made to leave blank at least one of a domain and a path field 
of the cookie file, since the default value enables access to the cookie by only the host 
or file that saved them as known to one of ordinary skill in the art. See admission, ibid. 
The aforementioned cover the limitations of claim 47. 
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Conclusion 

41 . Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
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mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W Kim whose telephone number is (571) 272- 
3804. The examiner can normally be reached on M-F 9:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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